In this blog, we have previously mentioned the security vulnerabilities of the Internet of Things (IoT) – the millions of devices that are privately or publicly connected to the internet. IoT manufacturers have a tendency to neglect adding adequate security measures to these gadgets in order to make them cheaper and easily accessible. Millions of people purchase such devices to enhance and simplify their daily lives but have little or no understanding of how to secure the vast amount of data and information that they generate. One way to catch people’s attention regarding how un-secure these devices actually are is by sharing horror stories about them being hacked.
The most recent of such stories emerged from the town of Phoenix in Arizona. Andy Gregg was happily strolling in the backyard of his home when he heard an unrecognizable voice coming from inside the house. He was immediately occupied by the thought that somebody had broken into his home, despite being the owner of a Nest Cam IQ security camera – specifically designed to detect intruders. Convinced that the device has failed to do its job, Andy followed the voice to its source. That’s when he realized that the voice was coming from the security camera itself that was perched inside his front window.
The voice was that of a man, who said he was a “white hat” hacker in Canada with the group Anonymous. He had obviously hacked into the device and used it to communicate with Andy. He recited a password Andy had used for multiple websites, telling him that his private information had been compromised. According to a recording of the interaction, the hacker said, “I’m really sorry if I startled you or anything. I realize this is super unprofessional, and I’m sorry that it’s a little late in the day to do this.” He went on to say, “We don’t have any malicious intent.” The hacker went on to divulge that although he couldn’t see Andy through the camera and didn’t have a clue regarding his location, such information wouldn’t be hard to find. In the end, he said that he had accessed Andy’s camera to warn him about its security vulnerabilities, which other hackers might exploit for nefarious purposes.
Nest Security cameras are one of the best in the industry, developed by Google’s parent company Alphabet Inc. According to their official website, the Nest Cam IQ indoor camera possesses AES 128-bit encryption that secures data and keeps connections private. Despite being a secured IoT device from a well-established manufacturer, the fact that it was hacked raises quite a few eyebrows. After the incident, Andy changed his passwords and unplugged the camera. “You basically feel very vulnerable,” he said. “It feels like you’ve been robbed essentially and somebody’s in your house. They know when you’re there. They know when you’re leaving.”
Following the reporting of the news, Nest issued a statement stating that passwords stolen in other hacks have been used to gain access to many of their IoT devices. The company, which also sells smart thermostats and door locks, recommends setting two-factor authentication for such devices to add an additional layer of security. Nonetheless, users should be extremely cautious while using IoT gadgets and should read up the subsequent documentation that’s provided along with it. While it may be a hard problem to eradicate, the chances of these devices can be minimized at length with adequate knowledge.